An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to limited write access and temporary Denial-of-Service.
References
Link | Resource |
---|---|
https://claroty.com/team82/disclosure-dashboard/cve-2023-2759 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: CERTVDE
Published: 2023-07-17T06:14:32.851Z
Updated: 2023-08-09T10:48:53.246Z
Reserved: 2023-05-17T14:21:50.584Z
Link: CVE-2023-2760
JSON object: View
NVD Information
Status : Modified
Published: 2023-07-17T07:15:08.953
Modified: 2023-08-09T11:15:10.280
Link: CVE-2023-2760
JSON object: View
Redhat Information
No data.
CWE